On October 24th, 2010, Eric Butler released a firefox extension. Firesheep was born. Designed to raise online security awareness…it did far more. Although being used by over 900,000 people, few know it exists, or how to protect themselves from the flaw it exposes.
Have you ever heard of a Firefox plugin named Firesheep?
Few others had either….Here are some links from the video:
http://codebutler.com/firesheep
http://www.zscaler.com/blacksheep.html
“It’s extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called “sidejacking”) is when an attacker gets a hold of a user’s cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.” -codebutler
There are many ways to protect yourself from firesheep, by using the plugin called blacksheep you can make sure you are always securely connected. You can also manually connect to secure websites by using HTTPS, instead of HTTP in the URL bar. What this does is allow the use of the SSL protocall which creates a secure “Data Tunnel” which streams information between you and the website. With this “Data Tunnel”, no one is able to see what you are doing, or use any technique such as firesheep, because the session is encrypted on both ends of the line.
Be aware of what your logged into, and where you are when logging in. Remember to always use a secure wireless connection, or even better, use a hard line connection, so that no one can grab your cookies in the manner Firesheep does! Stay vigilant!
